SRM Update SRM 1.2.5-8225 (recalled)

[fredbert]

2021-05-25: v1.2.5-8225 has been recalled and replaced with v1.2.5-8227​ This update has been recalled on May 25, 2021, due to an issue on time synchronization. The issue has been fixed in SRM 1.2.5-8227.​

That's 40 (FORTY!) bug fixes with 22 CVE references. Plus the vulnerability fix that was announced today.

Synology Security - Synology-SA-21:19 SRM

A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology Router Manager (SRM). Continue reading... - - - Source: synology.com

www.synoforum.com

I can't imagine they would've have been holding all these fixes back so it must have been a very busy day yesterday

Version: 1.2.5-8225​

---

(2021-05-11)
Important Note

1. The update will be available for selected regions within the following weeks, although the release time in each region may vary slightly.

What's New

1. Supports deploying a mesh Wi-Fi system with low-band 5 GHz uplinks if 5GHz DFS channels are not available.
2. Added support for automatic updates of OS-version dependent packages when SRM is updated manually.
3. Updated the system to comply with the latest Wi-Fi connection laws in Indonesia.
4. Added support for customized IPv6 addresses in the local network.
5. Added several types of collectible information over SNMP.
6. Updated the API used for sending emails to Gmail accounts.
7. Updated dnsmasq to version 2.85.

Fixed Issues

1. Fixed the DHCP issues related to IPTV services of Telfort, XS4ALL, and KPN in the Netherlands.
2. Fixed an issue where SRM might not be able to transfer IEEE 1905.1 packets.
3. Fixed an issue where the guest network's default traffic policy could not be applied to guest Wi-Fi clients that are connected to additional Wi-Fi points.
4. Fixed an issue where SRM's current channel might be displayed incorrectly when a DFS channel was selected manually.
5. Fixed an issue where DFS channels might still be used when the option "Allow auto-switch to DFS channels" was not enabled.
6. Fixed an issue on traffic control: When an MR2200ac was assigned a traffic priority rule and then added to a mesh Wi-Fi system, its traffic priority rule could not be removed.
7. Fixed an issue where client devices could not be remotely started up via WOL when SRM was under the Wireless AP (bridge) mode.
8. Fixed an issue where a future time might be displayed in Log Center if the correct NTP information could not be obtained.
9. Fixed an issue where automatic updates of system databases might fail if SRM's system time was incorrect (e.g., a future time).
10. Fixed an issue where SRM didn't show reminder messages when hostnames at the DHCP Reservation tab contained illegal characters.
11. Fixed an issue where updates of system databases might fail when the system storage was full of dhcp-client logs.
12. Fixed an issue where a failure message was displayed in advance when the registration of Let's Encrypt certificate was still in progress.
13. Fixed an issue where Smart WAN failovers and failbacks could not be logged.
14. Fixed an issue where NAT loopback rules became invalid when a Smart WAN failback was executed.
15. Fixed an issue where gateway and DNS information might not be displayed properly in Network Center when a PPPoE connection was established with "Auto" IPv6 enabled.
16. Fixed an issue where the status of IPv6 might be shown as "disabled" when an IPv6 PPPoE connection was established.
17. Fixed an issue where 6in4 required a public IP address.
18. Fixed an issue where Internet connections established via MAP-E might fail after Synology Router was restarted.
19. Fixed an issue where SRM didn't show a reminder message if an external storage device containing archived logs was about to be removed.
20. Fixed an issue where source IP addresses of failed login attempts might not be displayed in Log Center.
21. Fixed an issue where SRM updates might fail when a shared folder name contained whitespace characters.
22. Fixed an issue where SRM updates might be unavailable on the GUI due to incorrect detection of storage capacity.
23. Fixed an issue where automatic updates of Threat Prevention's signature database might fail if system database settings in Control Panel were modified.
24. Fixed an issue where SD cards and USB devices were still recognized as formattable devices in Control Panel when they were read-only.
25. Fixed an issue where SRM didn't show reminder messages when the system storage was full of auto-block IP data.
26. Fixed an issue where the tab names at Control Panel > System could not be fully displayed when the display language was French.
27. Fixed an issue where logs might be repeatedly archived after Synology Router was restarted.
28. Fixed an issue where Smart WAN load balancing might not work properly when changes were made to interface priority.
29. Fixed an issue where Internet traffic might be double-calculated in traffic reports.
30. Fixed an issue where the IPv6 address of DDNS hostname might be displayed incorrectly.
31. Fixed an issue where DDNS updates might be unavailable if the update failed once.
32. Fixed an issue where the time of some regions might not be displayed correctly.
33. Fixed multiple security vulnerabilities regarding OpenSSL (CVE-2020-1968, CVE-2020-1971, CVE-2021-23840, and CVE-2021-23841).
34. Fixed multiple security vulnerabilities regarding wireless protocols (CVE-2020-24588, CVE-2020-24587, CVE-2020-24586, CVE-2020-26146, CVE-2020-26145, CVE-2020-26141, CVE-2020-26140, CVE-2020-26143, CVE-2020-26147, CVE-2020-26139, CVE-2020-26144, CVE-2020-11301).
35. Fixed a security vulnerability regarding Kerberos 5 (CVE-2020-28196).
36. Fixed a security vulnerability regarding GeoIP databases (CVE-2020-28241).
37. Fixed a security vulnerability regarding nDPI (CVE-2020-15476).
38. Fixed multiple security vulnerabilities regarding tcpdump (CVE-2018-19325 and CVE-2019-15165).
39. Fixed a security vulnerability regarding Linux kernels (CVE-2019-15666).
40. Fixed multiple security vulnerabilities (Synology-SA-21:19).

Known Issues & Limitations

1. Google Cloud Print will not be available on SRM 1.2.5 and above.
2. SRM 1.2 will be the last upgradable version for RT1900ac. RT1900ac will continue to receive critical and security updates until further notice.

Manual download...

Synology Archive Download Site - Index of /download

archive.synology.com

 

[Rusty]

O boy... this will be one stressful update.

 

[Rusty]

RT1900AC - 6,5min update. No problem

 

[fredbert]

No problem

yet

 

[Rusty]

yet

If there will be some problems.... I'll find you...

 

[Rusty]

RT2600+MR2200 patched up, so far no problems at all. Damn, I hate patching routers.

 

[DaClown]

Patch files downloaded. Summoning up the courage.

 

[fredbert]

I did mine yesterday and for once the package updates were then notified in Package Center. I noticed that two of the four system databases (IP Geolocation and Threat Intelligence) were both dated 2018 or some such old date, I manually updated them.

Woke up this morning to find the iPhone couldn't get to the Internet nor could it ping the ISP bridged router. Though seems wired devices were still ok... FreshRSS on the NASwas getting news articles. Ended up rebooting the router via DS router. Sometimes when this happens switching the iPhone's WiFi off and on corrects it, not this time. Will see what happens tomorrow. Also changed back from fixed WiFi channels to auto, will see if that does any good.

This issue (?), when it happens, is always first thing early morning between 5 and 7 o'clock-ish.

 

[DaClown]

Those 2 have never auto updated here either despite having the checkbox ticked. I do not use Safe Access or Threat Prevention so I assume the Google Safe Browsing & Threat Intelligence Database is for those packages, and may only update if they are installed? I could be wrong here. The other 2, IP Geolocation & Domain Name Database always seem to update on their own.

Any chance your auto-reboot somehow got enabled on the update? Maybe it is set during that time.

Using DFS channels? In my area they are virtually useless and cause WiFi "outages" due to the router taking its sweet time changing channels.

 

[DaClown]

OK, pulled the trigger about 5hrs ago. After system came back up, it hadn't grabbed the external IP from the cable modem, but succeeded after a reboot. So far so good. Will have to see if any gremlins appear between 5-7am like @fredbert.

 

[fredbert]

A tentative streaming of a podcast at 05:45 and it played. One instance of working aren't enough data points to draw a conclusion but a more relaxing way to start this day.

The system databases regressing to 2018 dates could either have been an unset date with up to date data or default data from 2018. All four databases normally update automatically and are doing now.

I'll keep an eye on DFS channels, which are enabled. Thx.

 

[SynoMan]

Yet another successful SRM update.

 

[DaClown]

A tentative streaming of a podcast at 05:45 and it played. One instance of working aren't enough data points to draw a conclusion but a more relaxing way to start this day.

The system databases regressing to 2018 dates could either have been an unset date with up to date data or default data from 2018. All four databases normally update automatically and are doing now.

I'll keep an eye on DFS channels, which are enabled. Thx.

I live somewhat near a small international airport (you can barely call it one) and my experimenting with DFS channels has been really underwhelming. I figured that in my area, which is suburban, but populated, maybe my "geeky router" could suffer less from channel overcrowding by enabling those. How wrong I was.

It seemed the net would work for a very short period of time until nothing would load at all, then suddenly start working.

The minute any flight radar is in use (like all the time) your WiFi is gonna be flapping like crazy, not to mention all the other overhead that comes with enabling this "feature".

Mac WiFi: Why I Dislike DFS Channels is a good explanation.

So now I just manually set the channels, and the only thing I have to fear is firmware updates.

Still good here, no dropouts that I have noticed.

 

[Seaprobe]

The scanning "probe" is a real concern, as described in detail in that linked article.

Radar, by itself, should either exist or not exist in an area. There are only about 100 weather radar stations per NWS NEXRAD listing. And one either lives near an airport or not, and those beams are aimed upwards to illuminate aircraft in flight.

Air traffic radar operates continuously unless down for maintenance (viz., broken). The only intermittent or inconsistent impact I can think of is that weather radar changes "tilt" to scan different slices of the sky with each rotation, but even then the beams go up in a cone rather than horizontally at ground level.

 

[itsjasper]

Updated local and remote routers without issue.

 

[fredbert]

So far I've had no new issues.

Since looking into DFS on/off I've had it switched off but with automatic channel selection on all 5 GHz and 2.4 GHz. Seems to be better than before regarding the very early morning Internet access from the iPhone. Oddly if it happens it can occur after already accessing the Internet (eg a podcast is playing) but then a pause in accessing linked news items from RSS articles. Then it works again. DNS cache? SRM database updating? It's not so noticeable now.

 

[technorabilia]

Updated my RT1900ac a couple of days ago. No issues at all. Shame this will be the last major upgrade for this model.

 

[fredbert]

2021-05-25: v1.2.5-8225 have been recalled and replaced with v1.2.5-8227 This update has been recalled on May 25, 2021, due to an issue on time synchronization. The issue has been fixed in SRM 1.2.5-8227.

 

[Rusty]

2021-05-25: v1.2.5-8225 have been recalled and replaced with v1.2.5-8227 This update has been recalled on May 25, 2021, due to an issue on time synchronization. The issue has been fixed in SRM 1.2.5-8227.

Figures...

 

[Shadow]

lol.. i still had to update mine..